Abstract

Federated activity presents a challenge for enterprises with high-level security architectures. Federation involves information sharing among services and with working partners, coalition partners, first responders, and other organizations. Federation may be unilateral or bilateral, with similar or dissimilar information-sharing goals. Strong internal security, including zero trust controls, often does not extend cleanly across enterprise boundaries, which can lead to insecure shortcuts and workarounds that become the rule instead of the exception. This paper presents methods for an enterprise to extend its zero trust security policies to include federation partners. It applies to federation partners that support the same security policies with compatible standards and services, and to partners that provide a similar but incompatible security framework, only a subset of the required security services, or no security services at all. The partner organization may be fully trusted, partially trusted, or untrusted. Even for trusted partners, the services may not meet the required security standards. Our solution combines selected partner security services, internal services, derived credentials, delegated authorities, and supplemental services to form a federation security architecture based on zero trust premises to the greatest extent possible. This paper uses the Zero Trust for Enterprise (ZTE) architecture as the starting point for a secure enterprise and addresses the challenge of extending this model to federate with different types of partners. We review the security approach, the security properties, and several options for an enterprise to maintain the ZTE security properties while enabling federated sharing with other enterprises that have different capabilities and levels of trust.

Full Text
Published version (Free)